# NixOS host configuration for the NetBird server.
# `config` is taken so the agenix secret path (`config.age.secrets`) can be
# referenced; the `services.netbird-server` options are declared in ./module.nix.
{ config, ... }:

let
  # Public name the server is reached under; passed through as NETBIRD_DOMAIN.
  domain = "netbird.dgnum.eu";
in

{
  imports = [ ./module.nix ];

  services.netbird-server = {
    enable = true;

    # NOTE(review): DEBUG is verbose for a production, auth-facing service —
    # confirm it is intended and not a leftover from bring-up.
    logLevel = "DEBUG";
    enableDeviceAuthorizationFlow = false;
    enableNginx = true;
    # coturn is not enabled by this module (see TURN_PASSWORD below).
    enableCoturn = false;
    setupAutoOidc = true;

    management.dnsDomain = "dgnum";

    # The OIDC client secret is supplied as a file path (agenix secret),
    # presumably read by the module at runtime rather than embedded in this
    # expression — so it stays out of the world-readable Nix store.
    secretFiles.AUTH_CLIENT_SECRET = config.age.secrets."netbird-auth_client_secret_file".path;

    settings = {
      NETBIRD_DOMAIN = domain;

      # NOTE(review): a literal credential in a Nix expression ends up in the
      # world-readable Nix store and in git history. enableCoturn = false suggests
      # it may not be used locally, but it is still committed and may still be
      # handed to clients as TURN config; if module.nix accepts TURN_PASSWORD via
      # secretFiles the way AUTH_CLIENT_SECRET is (confirm), load it that way and
      # rotate this value.
      TURN_PASSWORD = "tototest1234";

      # OIDC / PKCE settings against the dgnum SSO.
      NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = "https://sso.dgnum.eu/oauth2/openid/netbird_dgn/.well-known/openid-configuration";
      NETBIRD_AUTH_PKCE_USE_ID_TOKEN = true;

      NETBIRD_AUTH_AUDIENCE = "netbird_dgn";
      NETBIRD_AUTH_CLIENT_ID = "netbird_dgn";
      # Make the dashboard use ID tokens instead of access tokens;
      # Okta and GitLab IdPs can benefit from this.
      NETBIRD_TOKEN_SOURCE = "idToken";

      # NETBIRD_AUTH_PKCE_REDIRECT_URLS = builtins.map (p: "http://localhost:${p}") [
      #   "53000"
      #   "54000"
      # ];

      NETBIRD_STORE_CONFIG_ENGINE = "sqlite";
    };
  };

  # age-secrets.matches."^netbird-.*$" = { owner = "netbird"; };
}